Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/jenkins-job-builder: improve error handling and add accessTokenFile option #51166

Closed
wants to merge 2 commits into from
Closed

nixos/jenkins-job-builder: improve error handling and add accessTokenFile option #51166

wants to merge 2 commits into from

Conversation

bjornfor
Copy link
Contributor

Motivation for this change
  • stop reloadScript on error
  • add accessTokenFile option. This new option allows storing the secret access token outside the world readable Nix store.
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@bjornfor
nixos/jenkins-job-builder: stop reloadScript on error
363eef3 
Currently there are two calls to curl in the reloadScript, neither which
check for errors. If something is misconfigured (like wrong authToken),
the only trace that something wrong happened is this log message:

  Asking Jenkins to reload config
  <h1>Bad Message 400</h1><pre>reason: Illegal character VCHAR='<'</pre>

The service isn't marked as failed, so it's easy to miss.

Fix it by passing --fail to curl.

While at it:
* Add $curl_opts and $jenkins_url variables to keep the curl command
  lines DRY.
* Add --show-error to curl to show short error message explanation when
  things go wrong (like HTTP 401 error).
* Lower-case the $CRUMB variable as upper case is for exported environment
  variables.

The new behaviour, when having wrong accessToken:

  Asking Jenkins to reload config
  curl: (22) The requested URL returned error: 401

And the service is clearly marked as failed in `systemctl --failed`.
@bjornfor
nixos/jenkins-job-builder: add accessTokenFile option
b79f579 
The new option allows storing the secret access token outside the world
readable Nix store.
@bjornfor
Copy link
Contributor Author

bjornfor commented Dec 3, 2018

Applied to master (8ebfd5c, bb94d41).

@bjornfor bjornfor closed this Dec 3, 2018
@bjornfor bjornfor deleted the jenkins-job-builder branch December 3, 2018 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bjornfor @GrahamcOfBorg